Status
Not open for further replies.
1 - 2 of 2 Posts

Discussion Starter #1
Deckard's System Scanner v20071014.68
Run by Keith on 2007-12-04 14:15:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-12-04 14:15:53 UTC - RP34 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).


-- HijackThis (run as Keith.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:06, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\spooIsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keith\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Keith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DDDDF15-33C1-42FB-BD67-317860034E9D} - C:\WINDOWS\system32\mllmj.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9B4868E3-767E-4A1C-A792-3CC451BA8CAC} - C:\WINDOWS\system32\awtqqpm.dll
O2 - BHO: {220bcf2f-ffb8-927b-4624-b06e5a14d64a} - {a46d41a5-e60b-4264-b729-8bfff2fcb022} - C:\WINDOWS\system32\ybyngour.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Windows Zero Driver] wncmgr.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://web.contacts.orange.co.uk/wuk_webab/VoxsyncX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: awtqqpm - C:\WINDOWS\SYSTEM32\awtqqpm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10287 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.3 Build 4>
R2 SENTINEL (Sentinel driver) - c:\windows\system32\drivers\sentinel.sys

S3 Usblink (Usblink Driver) - c:\windows\system32\drivers\ulink.sys <Not Verified; ; USB SUPERLINK ADAPTER>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Super Link Adapter
Device ID: ROOT\USB\0000
Manufacturer: Provider
Name: USB Super Link Adapter
PNP Device ID: ROOT\USB\0000
Service: Usblink


-- Scheduled Tasks -------------------------------------------------------------

2007-12-04 06:57:42 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-12-04 03:00:00 520 --a------ C:\WINDOWS\Tasks\AntiSpywareBot Scheduled Scan.job
2007-11-29 06:14:53 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-11-25 09:40:12 622 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Keith.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 13:57:41 0 d-------- C:\Program Files\SpywareBlaster
2007-12-04 08:13:09 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-04 08:13:02 0 d-------- C:\WINDOWS\LastGood
2007-12-04 07:41:11 0 d-------- C:\Program Files\Trend Micro
2007-12-04 05:37:55 0 d-------- C:\Program Files\RegistryFix
2007-12-04 04:55:59 36864 --a------ C:\WINDOWS\system32\rqrspqp.dll
2007-12-04 02:30:37 36864 --a------ C:\WINDOWS\system32\iifcawt.dll
2007-12-04 01:50:17 36864 --a------ C:\WINDOWS\system32\ljjgday.dll
2007-12-04 01:39:22 37376 --a------ C:\WINDOWS\system32\fccdefe.dll
2007-12-03 21:53:36 83085 --a------ C:\WINDOWS\system32\exerwicw.dll
2007-12-03 21:50:37 77376 --a------ C:\WINDOWS\system32\ybyngour.dll
2007-12-03 21:25:41 36864 --a------ C:\WINDOWS\system32\efcdbxx.dll
2007-12-03 17:37:51 36864 --a------ C:\WINDOWS\system32\pmnkkif.dll
2007-12-03 16:58:17 36864 --a------ C:\WINDOWS\system32\iiffccb.dll
2007-12-03 16:50:19 36864 --a------ C:\WINDOWS\system32\khfefcc.dll
2007-12-03 16:48:47 36864 --a------ C:\WINDOWS\system32\vtuvwus.dll
2007-12-03 14:12:40 39936 --a------ C:\WINDOWS\system32\rqrsrst.dll
2007-12-03 14:12:39 37376 --a------ C:\WINDOWS\system32\mljhigh.dll
2007-12-03 14:12:37 37376 --a------ C:\WINDOWS\system32\gebbbxw.dll
2007-12-03 14:12:34 62464 -----n--- C:\WINDOWS\system32\ncmimoov.exe
2007-12-03 10:30:27 37376 --a------ C:\WINDOWS\system32\ssqpono.dll
2007-12-03 10:30:25 37376 --a------ C:\WINDOWS\system32\nnnnkjh.dll
2007-12-03 10:30:24 39936 --a------ C:\WINDOWS\system32\efcdeda.dll
2007-12-03 09:38:11 37376 --a------ C:\WINDOWS\system32\yayywtq.dll
2007-12-03 09:37:58 37376 --a------ C:\WINDOWS\system32\vturpqo.dll
2007-12-03 09:37:58 39936 --a------ C:\WINDOWS\system32\tuvursp.dll
2007-12-03 09:36:49 66048 -----n--- C:\WINDOWS\system32\mkidajc.exe
2007-12-03 08:01:24 1156 --a------ C:\WINDOWS\mozver.dat
2007-12-03 07:44:59 114 --a------ C:\WINDOWS\system32\dslk.bat
2007-12-03 06:24:47 0 d-------- C:\Documents and Settings\Keith\Application Data\GetRightToGo
2007-12-03 05:50:15 39936 --a------ C:\WINDOWS\system32\vtutqpp.dll
2007-12-03 05:50:15 37376 --a------ C:\WINDOWS\system32\vtusrro.dll
2007-12-03 05:50:15 37376 --a------ C:\WINDOWS\system32\hgggddb.dll
2007-12-03 05:50:08 62464 -----n--- C:\WINDOWS\system32\wypw.exe
2007-12-03 05:50:08 62464 -----n--- C:\WINDOWS\system32\csndeq.exe
2007-12-02 21:38:40 128080 --ahs---- C:\WINDOWS\system32\jmllm.ini2
2007-12-02 21:38:35 336480 --a------ C:\WINDOWS\system32\mllmj.dll
2007-12-02 21:33:30 39936 --a------ C:\WINDOWS\system32\opnklmn.dll
2007-12-02 21:33:26 37376 --a------ C:\WINDOWS\system32\hggdawu.dll
2007-12-02 21:33:25 37376 --a------ C:\WINDOWS\system32\awtqqpm.dll
2007-12-02 21:33:22 62464 -----n--- C:\WINDOWS\system32\amwgr.exe
2007-12-01 13:26:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-30 23:44:57 0 d-------- C:\WINDOWS\CSC
2007-11-30 21:42:28 0 d--hs---- C:\found.000
2007-11-30 10:58:48 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-11-30 01:48:46 0 d--h----- C:\WINDOWS\PIF
2007-11-23 20:16:10 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-23 12:47:17 98304 --a------ C:\WINDOWS\system32\qttask.exe <Not Verified; Apple Computer, Inc.; QuickTime>
2007-11-23 12:44:50 0 d-------- C:\WINDOWS\system32\QuickTime
2007-11-23 12:44:37 152064 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-23 12:44:32 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-23 12:44:22 0 d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-11-23 09:22:39 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-11-23 09:18:10 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-11-23 09:18:07 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-11-23 09:18:07 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-11-23 09:18:05 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-11-23 06:21:06 0 d-------- C:\Program Files\AskTBar
2007-11-23 05:37:26 0 d-------- C:\Program Files\Nero
2007-11-23 05:37:26 0 d-------- C:\Program Files\Common Files\Nero
2007-11-22 15:37:34 0 d-------- C:\Program Files\MSXML 4.0
2007-11-22 13:48:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-22 12:40:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-22 12:37:13 0 d-------- C:\Documents and Settings\Keith\Application Data\Ahead
2007-11-22 12:34:29 0 d-------- C:\Program Files\Common Files\Ahead
2007-11-17 20:15:09 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-17 09:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-15 20:08:44 0 d-------- C:\WINDOWS\pss
2007-11-15 18:31:01 0 d-------- C:\Documents and Settings\Keith\Application Data\Apple Computer
2007-11-15 18:30:27 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-11 15:15:45 0 d-------- C:\Program Files\TomTom DesktopSuite
2007-11-09 18:40:11 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-11-09 18:10:35 0 d-------- C:\Documents and Settings\Keith\Application Data\Help
2007-11-08 08:23:15 0 d-------- C:\Program Files\TomTom HOME 2
2007-11-08 08:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2007-11-08 08:19:38 0 d-------- C:\Program Files\TomTom HOME


-- Find3M Report ---------------------------------------------------------------

2007-12-04 14:18:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-04 09:20:53 0 d-------- C:\Program Files\Xerox One Touch
2007-12-04 09:20:33 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-12-04 09:16:36 0 d-------- C:\Program Files\Norton Internet Security
2007-12-04 09:13:10 0 d-------- C:\Program Files\MSN Messenger
2007-12-04 09:10:42 0 d-------- C:\Program Files\Messenger
2007-12-04 09:09:22 0 d-------- C:\Program Files\D-Tools
2007-12-04 06:06:39 0 d-------- C:\Documents and Settings\Keith\Application Data\uTorrent
2007-11-27 15:43:43 0 d-------- C:\Documents and Settings\Keith\Application Data\Tyre
2007-11-27 15:15:08 0 d-------- C:\Program Files\Tyre
2007-11-23 20:16:05 0 d-------- C:\Documents and Settings\Keith\Application Data\Mozilla
2007-11-23 09:22:30 0 d-------- C:\Program Files\Ahead
2007-11-23 06:34:27 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-23 05:37:26 0 d-------- C:\Program Files\Common Files
2007-11-23 05:25:24 0 d-------- C:\Program Files\Real
2007-11-22 12:47:08 4 --a------ C:\WINDOWS\system32\micr0st.dll
2007-11-08 08:23:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-06 05:08:43 0 d-------- C:\Program Files\Symantec
2007-11-04 10:14:46 0 d-------- C:\Documents and Settings\Keith\Application Data\Real
2007-11-01 07:40:01 0 d-------- C:\Program Files\RegCure
2007-11-01 02:04:15 0 d-------- C:\Program Files\NovaLogic
2007-10-30 01:49:05 0 d-------- C:\Program Files\Real Alternative
2007-10-30 01:39:08 0 d-------- C:\Program Files\Common Files\Real
2007-10-29 16:11:34 0 d-------- C:\Program Files\DivX
2007-10-29 16:09:12 0 d-------- C:\Documents and Settings\Keith\Application Data\Pegasys Inc
2007-10-19 19:36:01 0 d-------- C:\Program Files\Super DVD Ripper
2007-10-19 15:16:29 48 ---hs---- C:\Documents and Settings\Keith\Application Data\.zreglib
2007-10-19 14:47:04 0 d-------- C:\Documents and Settings\Keith\Application Data\Roxio
2007-10-19 12:34:14 0 d-------- C:\Documents and Settings\Keith\Application Data\SlySoft
2007-10-18 20:55:40 0 d-------- C:\Documents and Settings\Keith\Application Data\vlc
2007-10-18 20:39:56 0 d-------- C:\Program Files\Common Files\xing shared
2007-10-17 20:41:03 14 --a------ C:\WINDOWS\system32\SysEngine2.SYS
2007-10-16 20:53:40 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-16 20:53:27 0 d-------- C:\Program Files\NCH Software
2007-10-12 07:23:08 551 --a------ C:\Documents and Settings\Keith\Application Data\AutoGK.ini
2007-10-12 07:22:51 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-10-12 07:10:29 0 d-------- C:\Documents and Settings\Keith\Application Data\AVS4YOU
2007-10-12 06:42:45 0 d-------- C:\Documents and Settings\Keith\Application Data\dvdcss
2007-10-12 06:14:43 0 d-------- C:\Documents and Settings\Keith\Application Data\Moyea
2007-10-11 07:08:28 34 --ah----- C:\WINDOWS\system32\VideoConverter_sysquict.dat
2007-10-11 06:33:22 16 --a------ C:\WINDOWS\system32\audiotime.dll
2007-10-11 06:02:36 0 d-------- C:\Documents and Settings\Keith\Application Data\NCH Swift Sound
2007-10-09 04:30:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-09 04:29:55 0 d-------- C:\Program Files\Common Files\Download Manager
2007-09-28 16:05:40 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:40 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:08 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-07 13:05:04 1165 --a------ C:\WINDOWS\checkip.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DDDDF15-33C1-42FB-BD67-317860034E9D}]
02/12/2007 21:38 336480 --a------ C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B4868E3-767E-4A1C-A792-3CC451BA8CAC}]
02/12/2007 21:33 37376 --a------ C:\WINDOWS\system32\awtqqpm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a46d41a5-e60b-4264-b729-8bfff2fcb022}]
03/12/2007 21:50 77376 --a------ C:\WINDOWS\system32\ybyngour.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 16:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 19:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [13/01/2007 21:11]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 14:28 C:\WINDOWS\soundman.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [26/03/2003 09:19]
"OneTouch Monitor"="C:\Program Files\Xerox One Touch\OneTouchMon.exe" [12/06/2003 15:14]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 08:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [13/01/2003 09:19]
"Windows Zero Driver"="wncmgr.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [28/11/2007 19:51]
"Spooler SubSystem App"="C:\WINDOWS\system32\spooIsv.exe" [13/06/2007 10:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegedit"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9B4868E3-767E-4A1C-A792-3CC451BA8CAC}"= C:\WINDOWS\system32\awtqqpm.dll [02/12/2007 21:33 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqpm]
awtqqpm.dll 02/12/2007 21:33 37376 C:\WINDOWS\system32\awtqqpm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

6540 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-04 14:22:56 ------------
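The log above carries the indicators a helper reads first: a BHO with no registered name sitting in system32 (mllmj.dll, awtqqpm.dll), a BHO whose "name" is itself a GUID (ybyngour.dll), a Run entry that imitates a system binary with a look-alike glyph (spooIsv.exe, capital I for lowercase l, next to the genuine spoolsv.exe), a Run entry that is a bare filename with no path (wncmgr.exe), a Winlogon Notify DLL, and an extra LSA authentication package beside msv1_0. The following Python script is an added example by the editor; it is not part of the original post and is not code from HijackThis, DSS, SDFix or ComboFix. Its sample input is a handful of lines copied from the log above, and the allowlist of system binaries, the confusable map and the set of default authentication packages are assumptions, not shipped signatures.

```python
"""Heuristic triage of HijackThis / DSS log lines.

Added example by the editor: not part of the original post and not code from
HijackThis, DSS, SDFix or ComboFix. The sample lines are copied from the posted
log; the allowlist, the confusable map and every rule are assumptions for a
first pass, and each finding still needs a human to look at the file itself.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the posted log, not a live file.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5DDDDF15-33C1-42FB-BD67-317860034E9D} - C:\WINDOWS\system32\mllmj.dll
O2 - BHO: {220bcf2f-ffb8-927b-4624-b06e5a14d64a} - {a46d41a5-e60b-4264-b729-8bfff2fcb022} - C:\WINDOWS\system32\ybyngour.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Zero Driver] wncmgr.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O20 - Winlogon Notify: awtqqpm - C:\WINDOWS\SYSTEM32\awtqqpm.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmj.dll
"""

# Assumed allowlist of genuine Windows binaries that malware likes to imitate.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe"}
# Glyphs that look alike in common UI fonts (capital I vs lowercase l, 0 vs O).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o", "O": "o"})
# Assumed: on Windows XP the only default LSA authentication package is msv1_0.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)

Finding = Dict[str, str]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('" ')


def first_token(cmd: str) -> str:
    """Executable part of a Run-key command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def lookalike(name: str) -> Optional[str]:
    """Return the system binary that `name` imitates, or None.

    The confusable map runs before lower(): lower() alone would turn the capital
    I in spooIsv.exe into i, not l, and the imitation of spoolsv.exe is missed.
    """
    folded = name.translate(CONFUSABLES).lower()
    if folded in SYSTEM_BINARIES and name.lower() != folded:
        return folded
    return None


def triage(log: str) -> List[Finding]:
    """Run the rules over every line and return the lines worth a closer look."""
    findings: List[Finding] = []

    def flag(rule: str, path: str, line: str) -> None:
        findings.append({"rule": rule, "file": basename(path), "line": line})

    for line in (raw.strip() for raw in log.splitlines() if raw.strip()):
        m = re.match(r"^O2 - BHO: (.*?) - (\{[^}]+\}) - (.*)$", line)
        if m:
            name, _clsid, path = m.groups()
            # A BHO with no registered name, or a GUID where its name should be,
            # sitting directly in system32 rather than under a vendor directory.
            if (name == "(no name)" or GUID_RE.match(name)) and "\\system32\\" in path.lower():
                flag("unnamed BHO loaded from system32", path, line)
            continue
        m = re.match(r"^O4 - .*?: \[(.*?)\] (.*)$", line)
        if m:
            exe = first_token(m.group(2))
            target = lookalike(basename(exe))
            if target:
                flag(f"lookalike of {target}", exe, line)
            elif "\\" not in exe:
                # A bare name is resolved through the search path at logon, so
                # which file actually runs depends on PATH and the working directory.
                flag("bare filename in Run key; verify the vendor", exe, line)
            continue
        m = re.match(r"^O20 - Winlogon Notify: \S+ - (.*)$", line)
        if m:
            # Notification packages are loaded by winlogon.exe, so any entry here
            # runs as SYSTEM before the user's desktop appears.
            flag("Winlogon Notify DLL", m.group(1), line)
            continue
        m = re.match(r'^"Authentication Packages"=\s*(.*)$', line)
        if m:
            for package in m.group(1).split():
                if package.lower() not in DEFAULT_AUTH_PACKAGES:
                    # Extra LSA packages are loaded by lsass.exe and see every logon.
                    flag("non-default LSA authentication package", package, line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<45} {f['file']:<14} {f['line'][:60]}")
```

Run as-is, it reports seven findings: mllmj.dll twice (unnamed BHO and LSA package), ybyngour.dll, awtqqpm.dll, spooIsv.exe, and both bare Run entries. The bare-filename rule deliberately fires on SOUNDMAN.EXE as well as wncmgr.exe, because nothing in the line distinguishes a legitimate bare name from a planted one; the vendor check is the analyst's job, and the Symantec BHO is left alone only because it lives under a vendor directory, not because the name rule knows it is benign.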
 

Reply #2 - Security Team (ret.)
Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
Press any key and it will restart the PC.

Your system will take longer than normal to restart, as the fix tool will be running and removing files.
When the desktop loads, the fix tool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify any malware on your system.
Please download ComboFix from any of these locations:
Here or Here

Save ComboFix to the desktop.

1. Double-click on combo.exe and follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and paste the contents of that log in your next reply with a new HijackThis log. Do not use Code or HTML unless asked for.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall or hang.

Caution: never run ComboFix without being supervised by a security analyst.
 